On Sun, 2008-06-22 at 18:04 +0200, RedShift wrote:
Pierre Schmitz wrote:
Hi,
as mentioned in the apache thread I would like to use a dedicated user/group for our different webserver packages. To achieve this I'd like to add the user/group http to our filesystem package. (It already contains them for mail and ftp.)
According to http://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database uid/gid 33 should be free for use.
An install script to add those for upgraders has to be added, too.
Another approach would be adding an install script creating those groups to the webserver packages.
What do you think is best?
Pierre
Why not just use nobody for programs that need their own user, as a sane default? Any smart admin should create any groups and users himself when necessary. And it prevents cluttering of unnecessary users/groups. For example in my httpd setups, the http users would never be used.
IMO.
Glenn
Using nobody for each and every service makes the nobody user unsafe to use. As soon as one of your daemons is compromised, all of them are compromised also because they share the same user.
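
The shared-account risk described in the last reply can be checked on a running host. The following is an added example, not part of the original thread: a shell function that reads `USER COMMAND` pairs (as printed by `ps -e -o user= -o comm=`) and reports every account that runs more than one distinct daemon. The function names and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example: report accounts shared by several distinct daemons.
# Input: one "USER COMMAND" pair per line; only the first word of the
# command name is used.

shared_accounts() {
    # $1 = minimum number of distinct commands to report (default 2)
    awk -v min="${1:-2}" '
        NF >= 2 {
            key = $1 SUBSEP $2
            if (!(key in seen)) {      # count each (user, command) pair once
                seen[key] = 1
                count[$1]++
                cmds[$1] = (cmds[$1] == "" ? $2 : cmds[$1] "," $2)
            }
        }
        END {
            for (u in count)
                if (count[u] >= min)
                    printf "%s %d %s\n", u, count[u], cmds[u]
        }
    ' | sort
}

# Constructed sample process list (not captured from a real host).
sample_ps() {
    cat <<'EOF'
root init
nobody httpd
nobody httpd
nobody vsftpd
nobody dnsmasq
http lighttpd
mail postfix
EOF
}

# Live use: ps -e -o user= -o comm= | shared_accounts
sample_ps | shared_accounts
```

Each output line gives the account, the number of distinct commands it runs, and their names; in the sample only `nobody` is reported, because three unrelated daemons share it.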